[MAC-JUNE 2019]

MALAYSIAN LAW ON CYBER TERRORISM

PENAL CODE

SECTION 130B - describes terrorism as an act or threat of action designed or intended to disrupt or seriously
interfere with, any computer systems or the provision of any services directly related to communications
infrastructure, banking or financial services, utilities, transportation or other essential infrastructure.

SECTION 130C - committing terrorist acts

SECTION 130D - providing devices to terrorist groups

SECTION 130E - recruiting members of terrorist groups or to participate in terrorist acts and providing
training and instruction to terrorist groups

Section 130N - provides for a penalty of up to 30 years of imprisonment or death penalty.

PREVENTION OF TERRORISM ACT 2015 (POTA)

Section 3(1) - allows for arrest without warrant if a police officer has reason to believe that grounds
exist that would justify holding an inquiry under this Act. In such a situation, the suspect can be retained for not
more than seven days, after which he has to be referred to the Public Prosecutor for direction.

Section 4(2)(a) - Terrorist suspects may be detained by the police for an initial investigation period of 21 days,
which may be extended by an additional 38 days.

OUTSIDE MALAYSIA

INTERNATIONAL CONVENTION FOR THE SUPPRESSION OF TERRORIST BOMBINGS

The objective of the International Convention for the Suppression of Terrorist Bombings
(the Convention) is to enhance international cooperation among States in devising and adopting effective and
practical measures for the prevention of the acts of terrorism, and for the prosecution and
punishment of their perpetrators.

ARMS CONTROL TREATIES

The purpose of UN Convention on Certain Conventional Weapons is to ban or restrict the use of specific types of
weapons that are considered to cause unnecessary or unjustifiable suffering to combatants or to affect civilians
indiscriminately. Cyber weapons, if used in moderation do not create the same lethal and utterly catastrophic
effects when compared to a nuclear bomb.

CONVENTION ON THE PHYSICAL PROTECTION OF NUCLEAR MATERIAL

The Convention on the Physical Protection of Nuclear Material was signed at Vienna and at New York on 3 March
1980. The Convention is the only international legally binding undertaking in the area of physical protection of
nuclear material. It establishes measures related to the prevention, detection and punishment of offenses relating
to nuclear material.

MALAYSIAN CASES

2016 MOVIDA BAR GRENADE ATTACK - On 28 June 2016, Malaysia suffered an ISIS-inspired attack at a  bar located
in Puchong, Selangor, where a crowd had gathered to watch a Euro 2016 football match. Malaysian police have
arrested two suspects in the explosion that left eight injured including one foreigner from China. The detained
1
[MAC-JUNE 2019]
men had received instructions from ISIS in Syria and according to a Facebook post the attack was an act of
revenge on people participating in social activities during Ramadhan.

51-YEAR-OLD HOUSEWIFE IN MALAYSIA GAVE ISIS THE POLLING DAY ATTACK PLAN (2018) - The 51-year-old
woman, is a mother of two and the first female leader of a pro IS militant cell in the country. The intelligence
gathered suggested that the woman had planned to load gas cylinders in her car and ram her vehicle into voters
at a polling station in Puchong. She had also planned to fill her car with gas canisters and explosives and ram it
into non-Muslim houses of worship. The housewife was an active member in IS-affiliated WhatsApp groups since
2014 and was masking her communications in a chat group titled “Makan Makan dgn Kak Nor” or “Eat with Kak
Nor”.

OUTSIDE MALAYSIA

2012 CYBERATTACKS ON IRAN - the New York Times reported cyber-attacks by the United States and Israel against
Iran. This cyber-attack uses computer virus Stuxnet to cripple Iran's nuclear program.

SPANAIR FLIGHT 5022 - In 2008, there was a plane crash at Madrid-Bajaras airport where one of Spanair’s central
computers was infected by Trojans. The plane will send a signal when there are some technical problems and the
central computer should generate an alarm. The plane dropped as the alarm was not generated and it caused 154
deaths.

CHALLENGES

NO CLEAR CUT BATTLEFIELD IN CYBER-ATTACK - Attackers could hack and attack from anywhere as in websites, be
it government websites as well as online private websites. The attacks could be done in a very unexpected
manner and it is difficult to track the offender due to its broad medium and opportunity.

NEVER ENDING TECHNOLOGY ADVANCEMENT ON OUR COMPUTERS - If the software of our computer keeps on
upgrading to a better system, hence, the protection of the software need to step up the game too. The step to
keep updating such protection is always being neglected by people nowadays as they have not foreseen the
threats yet and that it will cost them more money.

PEOPLE THESE DAYS BECOMES MORE RELIANT TO THE INTERNET - Especially the middle-aged and elderly are
gullible and they are easily deceived by what they saw or what read on the internet. This has made the internet an
inexpensive and convenient vehicle to sway the public opinion on certain matters such as politics, economics and
even the social concerns. This has made the terrorists’ job a lot easier to spread propaganda as well as to promote
terrorism.

RECOMMENDATIONS

INDIVIDUAL - Cater the needs of the never-ending progress of the internet. It is necessary to keep one’s operating
system patched and up-to-date to ensure a fewer vulnerabilities to exploit. Individual should always back up
important data and files, frequently and automatically. This maybe won't stop a malware attack, but it can make
the damage caused by one much less significant and recoverable.

ORGANIZATIONS - Should have their confidential documents to be kept in Intranet. This is to prevent any
unauthorized access from outside as the documents could only be accessed among their employees only. Develop
IT policies to protect their business data, including what types of files employees can download as well as what to
do in the event of a cyber-attack.

GOVERNMENT - A strong defense requires things like internal and external firewalls, intrusion prevention and
reverse proxy devices, segmenting our networks, and ensuring we have good protection against
malware and viruses across all our systems.
2